Skip to content

Commit 931178d

Browse files
author
Keyfactor
committed
Update store_types.json for all:latest
1 parent e74aee9 commit 931178d

2 files changed

Lines changed: 56 additions & 24 deletions

File tree

cmd/store_types.json

Lines changed: 28 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@
33
"BlueprintAllowed": false,
44
"Capability": "AKV",
55
"ClientMachineDescription": "The GUID of the tenant ID of the Azure Keyvault instance; for example, '12345678-1234-1234-1234-123456789abc'.",
6-
"CustomAliasAllowed": "Optional",
6+
"CustomAliasAllowed": "Required",
77
"EntryParameters": [
88
{
99
"Name": "CertificateTags",
@@ -56,14 +56,6 @@
5656
"PowerShell": false,
5757
"PrivateKeyAllowed": "Optional",
5858
"Properties": [
59-
{
60-
"Name": "TenantId",
61-
"DisplayName": "Tenant Id",
62-
"Description": "The ID of the primary Azure Tenant where the KeyVaults are hosted",
63-
"Type": "String",
64-
"DependsOn": "",
65-
"Required": false
66-
},
6759
{
6860
"Name": "SkuType",
6961
"DisplayName": "SKU Type",
@@ -585,7 +577,7 @@
585577
{
586578
"Name": "CertificateTags",
587579
"DisplayName": "Certificate Tags",
588-
"Description": "If desired, tags can be applied to the certificate entries in AWS Secrets Manager. Provide them as a JSON string of key-value pairs ie: '{'tag-name': 'tag-content', 'other-tag-name': 'other-tag-content'}'",
580+
"Description": "If desired, tags can be applied to the certificate entries in AWS Secrets Manager. Provide them as a JSON string of key-value pairs ie: '{'tag-name': 'tag-content', 'other-tag-name': 'other-tag-content'}'. Tag values may contain the placeholder tokens %SERIAL_NUMBER%, %NOT_BEFORE%, and %NOT_AFTER%, which are replaced with the certificate's serial number (hexadecimal) and validity dates (ISO-8601 UTC) before the tag is written.",
589581
"Type": "string",
590582
"RequiredWhen": {
591583
"HasPrivateKey": false,
@@ -637,6 +629,16 @@
637629
"Remove": true
638630
},
639631
"Properties": [
632+
{
633+
"Name": "SeparatePrivateKey",
634+
"DisplayName": "Store as JSON with separate private key",
635+
"Type": "Bool",
636+
"DependsOn": "",
637+
"DefaultValue": "false",
638+
"Required": false,
639+
"IsPAMEligible": false,
640+
"Description": "When enabled, the certificate is stored as a JSON document with separate 'certificate' (PEM certificate and chain, leaf first) and 'private_key' (PEM) properties, rather than a single concatenated PEM string."
641+
},
640642
{
641643
"Name": "UseDefaultSdkAuth",
642644
"DisplayName": "Use Default SDK Auth",
@@ -762,7 +764,7 @@
762764
{
763765
"Name": "CertificateTags",
764766
"DisplayName": "Certificate Tags",
765-
"Description": "If desired, tags can be applied to the certificate entries in AWS Secrets Manager. Provide them as a JSON string of key-value pairs ie: '{'tag-name': 'tag-content', 'other-tag-name': 'other-tag-content'}'",
767+
"Description": "If desired, tags can be applied to the certificate entries in AWS Secrets Manager. Provide them as a JSON string of key-value pairs ie: '{'tag-name': 'tag-content', 'other-tag-name': 'other-tag-content'}'. Tag values may contain the placeholder tokens %SERIAL_NUMBER%, %NOT_BEFORE%, and %NOT_AFTER%, which are replaced with the certificate's serial number (hexadecimal) and validity dates (ISO-8601 UTC) before the tag is written.",
766768
"Type": "string",
767769
"RequiredWhen": {
768770
"HasPrivateKey": false,
@@ -939,7 +941,7 @@
939941
{
940942
"Name": "CertificateTags",
941943
"DisplayName": "Certificate Tags",
942-
"Description": "If desired, tags can be applied to the certificate entries in AWS Secrets Manager. Provide them as a JSON string of key-value pairs ie: '{'tag-name': 'tag-content', 'other-tag-name': 'other-tag-content'}'",
944+
"Description": "If desired, tags can be applied to the certificate entries in AWS Secrets Manager. Provide them as a JSON string of key-value pairs ie: '{'tag-name': 'tag-content', 'other-tag-name': 'other-tag-content'}'. Tag values may contain the placeholder tokens %SERIAL_NUMBER%, %NOT_BEFORE%, and %NOT_AFTER%, which are replaced with the certificate's serial number (hexadecimal) and validity dates (ISO-8601 UTC) before the tag is written.",
943945
"Type": "string",
944946
"RequiredWhen": {
945947
"HasPrivateKey": false,
@@ -3517,6 +3519,20 @@
35173519
"OnReenrollment": false
35183520
},
35193521
"Description": "GCP Certificate Manager `scope` for this certificate entry. Allowed: `DEFAULT` (global external Application Load Balancers), `ALL_REGIONS` (cross-region internal Application Load Balancers), `EDGE_CACHE` (Media CDN), `CLIENT_AUTH` (mTLS trust configs / authorized client server certs). **Immutable in GCP** - once a certificate is created with a given scope, GCP refuses to change it. Inventory persists the existing scope back from GCP so renewals carry it forward automatically. A single store can hold certs at different scopes (the field is per-entry, not store-wide)."
3522+
},
3523+
{
3524+
"Name": "labels",
3525+
"DisplayName": "Labels",
3526+
"Type": "String",
3527+
"DependsOn": "",
3528+
"DefaultValue": "",
3529+
"RequiredWhen": {
3530+
"HasPrivateKey": false,
3531+
"OnAdd": false,
3532+
"OnRemove": false,
3533+
"OnReenrollment": false
3534+
},
3535+
"Description": "An optional list of one-to-many comma delimited label key:value pairs to assign to the certificate. Values should be entered as key1:value1,key2:value2,...,keyN:valueN. Inventory persists the certificate's existing GCP labels back into this field so renewals carry them forward automatically."
35203536
}
35213537
]
35223538
},

store_types.json

Lines changed: 28 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@
33
"BlueprintAllowed": false,
44
"Capability": "AKV",
55
"ClientMachineDescription": "The GUID of the tenant ID of the Azure Keyvault instance; for example, '12345678-1234-1234-1234-123456789abc'.",
6-
"CustomAliasAllowed": "Optional",
6+
"CustomAliasAllowed": "Required",
77
"EntryParameters": [
88
{
99
"Name": "CertificateTags",
@@ -56,14 +56,6 @@
5656
"PowerShell": false,
5757
"PrivateKeyAllowed": "Optional",
5858
"Properties": [
59-
{
60-
"Name": "TenantId",
61-
"DisplayName": "Tenant Id",
62-
"Description": "The ID of the primary Azure Tenant where the KeyVaults are hosted",
63-
"Type": "String",
64-
"DependsOn": "",
65-
"Required": false
66-
},
6759
{
6860
"Name": "SkuType",
6961
"DisplayName": "SKU Type",
@@ -585,7 +577,7 @@
585577
{
586578
"Name": "CertificateTags",
587579
"DisplayName": "Certificate Tags",
588-
"Description": "If desired, tags can be applied to the certificate entries in AWS Secrets Manager. Provide them as a JSON string of key-value pairs ie: '{'tag-name': 'tag-content', 'other-tag-name': 'other-tag-content'}'",
580+
"Description": "If desired, tags can be applied to the certificate entries in AWS Secrets Manager. Provide them as a JSON string of key-value pairs ie: '{'tag-name': 'tag-content', 'other-tag-name': 'other-tag-content'}'. Tag values may contain the placeholder tokens %SERIAL_NUMBER%, %NOT_BEFORE%, and %NOT_AFTER%, which are replaced with the certificate's serial number (hexadecimal) and validity dates (ISO-8601 UTC) before the tag is written.",
589581
"Type": "string",
590582
"RequiredWhen": {
591583
"HasPrivateKey": false,
@@ -637,6 +629,16 @@
637629
"Remove": true
638630
},
639631
"Properties": [
632+
{
633+
"Name": "SeparatePrivateKey",
634+
"DisplayName": "Store as JSON with separate private key",
635+
"Type": "Bool",
636+
"DependsOn": "",
637+
"DefaultValue": "false",
638+
"Required": false,
639+
"IsPAMEligible": false,
640+
"Description": "When enabled, the certificate is stored as a JSON document with separate 'certificate' (PEM certificate and chain, leaf first) and 'private_key' (PEM) properties, rather than a single concatenated PEM string."
641+
},
640642
{
641643
"Name": "UseDefaultSdkAuth",
642644
"DisplayName": "Use Default SDK Auth",
@@ -762,7 +764,7 @@
762764
{
763765
"Name": "CertificateTags",
764766
"DisplayName": "Certificate Tags",
765-
"Description": "If desired, tags can be applied to the certificate entries in AWS Secrets Manager. Provide them as a JSON string of key-value pairs ie: '{'tag-name': 'tag-content', 'other-tag-name': 'other-tag-content'}'",
767+
"Description": "If desired, tags can be applied to the certificate entries in AWS Secrets Manager. Provide them as a JSON string of key-value pairs ie: '{'tag-name': 'tag-content', 'other-tag-name': 'other-tag-content'}'. Tag values may contain the placeholder tokens %SERIAL_NUMBER%, %NOT_BEFORE%, and %NOT_AFTER%, which are replaced with the certificate's serial number (hexadecimal) and validity dates (ISO-8601 UTC) before the tag is written.",
766768
"Type": "string",
767769
"RequiredWhen": {
768770
"HasPrivateKey": false,
@@ -939,7 +941,7 @@
939941
{
940942
"Name": "CertificateTags",
941943
"DisplayName": "Certificate Tags",
942-
"Description": "If desired, tags can be applied to the certificate entries in AWS Secrets Manager. Provide them as a JSON string of key-value pairs ie: '{'tag-name': 'tag-content', 'other-tag-name': 'other-tag-content'}'",
944+
"Description": "If desired, tags can be applied to the certificate entries in AWS Secrets Manager. Provide them as a JSON string of key-value pairs ie: '{'tag-name': 'tag-content', 'other-tag-name': 'other-tag-content'}'. Tag values may contain the placeholder tokens %SERIAL_NUMBER%, %NOT_BEFORE%, and %NOT_AFTER%, which are replaced with the certificate's serial number (hexadecimal) and validity dates (ISO-8601 UTC) before the tag is written.",
943945
"Type": "string",
944946
"RequiredWhen": {
945947
"HasPrivateKey": false,
@@ -3517,6 +3519,20 @@
35173519
"OnReenrollment": false
35183520
},
35193521
"Description": "GCP Certificate Manager `scope` for this certificate entry. Allowed: `DEFAULT` (global external Application Load Balancers), `ALL_REGIONS` (cross-region internal Application Load Balancers), `EDGE_CACHE` (Media CDN), `CLIENT_AUTH` (mTLS trust configs / authorized client server certs). **Immutable in GCP** - once a certificate is created with a given scope, GCP refuses to change it. Inventory persists the existing scope back from GCP so renewals carry it forward automatically. A single store can hold certs at different scopes (the field is per-entry, not store-wide)."
3522+
},
3523+
{
3524+
"Name": "labels",
3525+
"DisplayName": "Labels",
3526+
"Type": "String",
3527+
"DependsOn": "",
3528+
"DefaultValue": "",
3529+
"RequiredWhen": {
3530+
"HasPrivateKey": false,
3531+
"OnAdd": false,
3532+
"OnRemove": false,
3533+
"OnReenrollment": false
3534+
},
3535+
"Description": "An optional list of one-to-many comma delimited label key:value pairs to assign to the certificate. Values should be entered as key1:value1,key2:value2,...,keyN:valueN. Inventory persists the certificate's existing GCP labels back into this field so renewals carry them forward automatically."
35203536
}
35213537
]
35223538
},

0 commit comments

Comments
 (0)